Infections Abound on Popular URL Shortening Services – Twitter Users Beware

With October being National Cybersecurity Awareness Month (NCSAM), it’s important to renew our focus on the threats inherent in our online lives. The popularity of social media sites such as Twitter is only equaled by the threats they may conceal. As one expert noted, whenever there is a massive trend in online behavior, the criminal hackers are not far behind looking for a way to exploit it. And when this behavior involves something as widely used as Twitter, a malware exploit can gain ground rapidly – growing exponentially as it is “retweeted” to other unsuspecting followers. The behavior referenced here is the growing tendency among Twitter users to employ URL shorteners, offered by those ubiquitous services that turn lengthy URLs into shorter redirects so users can tweet links while keeping within the 140-character limit Twitter imposes.

The malware that hackers spread via these shortened links is often in the form of a bot, which finds its way into networks and can stay hidden for months. Once it connects to a command and control center outside your network, your PC can become part of a large network of botnets doing the bidding of the criminal hackers, who are now bot herders. Last month, an exploit called the Donbot botnet was found to be infecting shortened URLs to promote an online medication site. Donbot was able to distribute 10 billion messages containing the malware-infected URL in just one day. Such exploits can ruin reputations, clog servers and force denial of service shutdowns – critical problems for any organization.

Why Shutting down Twitter Access is not the Answer

Complicating this situation is the fact that for many organizations, social media tools have become an integral part of their marketing strategy, increasing marketing efficiency, connecting them with internal and external audiences, lowering the cost of operations and increasing revenue. Rather than letting these URL shortening exploits force organizations to shut down Twitter access completely, forgoing its importance as a vital marketing tool, it makes more sense to deploy technology that provides granular real-time visibility and control over Twitter and other social media platforms as well.

Even with technology in place, users must be aware of the dangers that shortened URLs present. Do not click links that are not from a trusted source, or links in tweets that appear to be phishing. And when in doubt, do an online search for the title of the article or suggested website in the tweet to eliminate any risk of a malicious link.

This entry was posted in Cybercrime, Just plain interesting, Social Media Security, Social Networking Security by Steve Brunetto.

About Steve Brunetto

As Director of Product Management, Steve serves in a pivotal role for EdgeWave in defining the company’s next generation web security offerings and driving continued growth. Steve is a web security veteran of more than 10 years, having worked as a Product Manager for Websense’s Web Security products where he was instrumental in launching the company’s Web Security Gateway and growing cloud-based and hybrid Web Security Services. Steve has also worked at eBay, Adobe, and Apple in QA and engineering roles and earned an MBA from Santa Clara University and a Bachelor of Arts & Sciences in Physics and History from Stanford University.
